
Network Security Engineer Resume


OBJECTIVE:

Seeking a challenging position in a dynamic environment to apply my consulting and network design expertise to large enterprise environments as a Network Architect or Pre-sales Engineer.

SUMMARY:

  • Security/Network Engineer with 10+ years of experience in Secure platform with Enterprise Network Infrastructure Design and Deployment.
  • In depth experience of Core Routing and Switching design, configuration, implementation and support.
  • Strong hands-on experience with Cisco Routers (Cisco CRS-1, ASR 1k), Cisco Catalyst Switches (6500/7600), Nexus 5k/2k and Juniper Routers (M/MX Series).
  • Good working knowledge in Juniper EX Switches and SRX Firewall
  • In depth knowledge of 802.1x and end point authentication behavior and characteristics
  • Efficient use of Microsoft VISIO and MS Project as technical documentation and presentation tools.

TECHNICAL CORE SKILLS:

IP Routing Protocols: EIGRP, OSPF, IS-IS, MP-BGP, BGP Attributes/Communities, VRF, VPC, IPSec, VPN, policy routing (ACLs / distribute-lists / route-maps)

Routers: Cisco CRS-1/8 running IOS XR v.3.8.2, ASR1006 running IOS-XE v15.x, 1800, 2500, 2600, 2800, 3600, 3800 Series Routers running IOS v.12.4, Juniper M Series Routers (M7i, M10i), Juniper MX480, MX960 Series Router

Switches: Cisco Nexus 5548, 2248/2232, Catalyst WS-6513/6509/6506, WS-4507/4506/4503, WS-3750, WS-3560/3550, WS-2960/2950; Juniper Switches EX4500, 4200

Nexus: Nexus 48 UP / 32 PP / 2248 TP / 1000 V

LAN Switching: VTP, NAT/PAT, HSRP, VRRP, VACL, RSTP, STP, MST, LACP, BFD, DHCP, IOS based Switches, EtherChannel.

MPLS: LDP, RSVP, L2VPN, VPLS, L3VPN, MPLS TE, MPLS LDP/TDP frame mode

Firewalls: Cisco Firepower ASA 5506-X, ASA5512-X, ASA 5515-X, Cisco Secure PIX/506/515e/525/535, Cisco Firewall Switch Module v2.x/3.3, Cisco ASA Firewalls 42xx, 55xx Ver. 7.x/8.x

Security: Cisco Identity Services Engine (ISE ver 1.4, 2.0), DMVPN, VPNs Site-to-Site, IPSec, Remote Access, SSL, AnyConnect, Configuration of IPS.

EMPLOYMENT HISTORY:

Confidential

Network Security Engineer

Responsibilities:

  • Converted SonicWall zone-based firewall configuration file into ASA standard configuration (access list, NAT rules, Remote Access, IPSEC Site2Site and AnyConnect)
  • Configured Cisco Nexus 5010/5020 switches, and 2000/2200 fabric extender.
  • Configured FabricPath for high availability and Virtual Port Channel (vPC) to connect to Nexus
  • Configured port channel on dual ASA for connecting dual N9K in Colorado and Maryland DC
  • Configured ASA to act as DHCP server for customer remote sites
  • Configured PPPoE on the ASA remote sites for connecting the customer branches.
  • Troubleshot firewall configuration solutions remotely using packet flow and packet capture diagnostics
  • Implemented and updated security principles supporting customer migrations, configurations and implementations.
  • Migrated internal Cisco ASA 5510 firewalls to ASA 5512-X firewalls with Firepower Services.
  • Installed and configured Firepower Management Center 6.0 on VMware and added ASA Sourcefire Agents as well as Firepower NGIPS for monitoring and management.
  • Added licensing to Firepower Management Center to cover NGIPS as well as 5512-x.
  • URL, and Malware Policies on FMC and deployed to security endpoints.
  • Reconfigured/updated DMVPN HUB connected to 15 sites supporting 20 spoke Routers in total
  • Work together with BU IT and site contacts to build planning, schedule migration window and execute the migration of the DMVPN spoke Routers

Confidential, Manhattan

Wireless Identity Services Engineer

Responsibilities:

  • Designed and deployed distributed Cisco ISE platform across all enterprise sites
  • Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers and Catalyst Switches
  • Configured and Implemented Cisco Identity Services Engine (ISE) with connectivity to Microsoft Active directory & CA Third party for Authentication including Certificate Based Authentication.
  • Designed and Configured Cisco Identity Services Engine (ISE v2.0) to support corporate connectivity to a new wireless environment utilizing Active Directory Authentication and Authorization with EAP-TLS client certificates.
  • Provide knowledge transfer and informal training to clients
  • Experience with Authentication Protocols (EAP-TLS, PEAP, EAP-FAST, Etc.)

Confidential, Kentucky

Senior Network Engineer

Responsibilities:

  • Obtained current rules from existing Sidewinder firewalls and migrated them for installation in an active cluster; created twelve (12) DMZs per customer request and migrated NAT pools from Sidewinder to Cisco ASA 5525Xs
  • Tested configurations prior to cutover from existing Sidewinder firewall to new Cisco ASA 5580s and monitored to ensure all rules and NAT pools were operating properly; provided over-the-shoulder training during the entire evolution
  • Obtained current VPN rules in existing Juniper VPN concentrator and Configured VPN NAT pools
  • Created VPN rules on new Cisco ASA 5525x and tested configuration prior to cutover from existing Juniper VPN concentrator to new Cisco ASA 5520 VP
  • Ensured licensing for five hundred (500) AnyConnect premium SSL VPN participants was loaded on the primary and secondary VPN appliance
  • Monitored to ensure all VPN rules were executing properly; provided over-the-shoulder training during the entire evolution
  • Developed a complete test plan documentation package which includes a document detailing test resource requirements, procedures, and expected results.
  • Configured ASA SSL VPN remote access from Microsoft Windows Mobile cellphones, equipped with Cisco AnyConnect VPN client & digital certificate issued by external CA server
  • Delivered Customer Requirement Document (CRD), High-Level Design (HLD), Pre-Deployment (PDG), Low-Level Design (LLD), Acceptance Testing Procedures (ATP) and As-Built Documentation.

Confidential, Maryland

Senior Network Engineer

Responsibilities:

  • Member of a team of engineers responsible for providing end to end LAN/WAN solutions.
  • Provide day to day firewall/VPN support which spans across multiple firewall platforms, including Cisco ASA and Juniper SRX
  • Configured VLAN, Spanning Tree, VSTP on Juniper EX series switches EX-2200, EX-4200
  • Configured OSPF and Static routing on Juniper M and MX series Routers MX-480
  • Implemented and troubleshot NAT and policies on Juniper firewalls SRX210, SRX240.
  • Configured Nexus 2148, 2248 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 7k.
  • Configured extension of VLANs from one network segment to another segment between different vendors' switches (Cisco, Juniper)
  • Replacement of the current external switch stack with Nexus 7k 10gb data rates.
  • Migrated Servers from 6500 Platform to Nexus without any application outage
  • Deployed Service Switching layer with 6500 platform for Firewall and Load Balancing Services for WEB and APP server Cloud on the Nexus platform
  • Creation of a multi-VDC (virtual routers) configuration for the Nexus. Each isolated virtual router will replace an existing DMZ domain.
  • The master VDC on the router will be our intranet DMZ. Non-master VDC routers will be configured for the other DMZ elements.
  • Configured an IPSec Site-to-Site VPN between the Cisco ASA5545 at small office location and Cisco 1841 ISR with a security IOS image at the main office.
  • Configured Zone-Based Policy Firewall on the Cisco 1841 ISR with the following components: three zones, class-maps specifying traffic that must have policy applied as it crosses a zone-pair, policy maps to apply action to the class-maps' traffic, zone-pairs, and application of policy to zone pairs.

Confidential

IP Mobile Backhaul Network Engineer

Responsibilities:

  • Provided Customer Managed Services (MS) for a based cellular network solution of IPRAN (Radio Access Network for 3G, 2G and 2.5G mobile data) on Huawei platforms. Worked with customer solution architects and engineering team to upgrade and improve network infrastructure and security
  • Network Backbone Upgrade project. Successfully achieved the main goal of the project: migrate off of older supported Huawei networking routers (18) NE40 per site to a newer Huawei (16) NE40E platform environment. The end goal of the project is to ensure that all network traffic has been migrated and no longer flows through any current NE40 equipment. The migrated traffic will go to (2) provider Huawei router NE80.
  • Configured Juniper M320s as PE's, NE80E-1 as Core, Huawei NE40 as CE’s
  • Configured Huawei NE80E-1, Juniper M10i Routers as Route-Reflectors in Core BackBone.
  • Configured OSPF, BGP, LDP, MP-BGP on Juniper M320 and NE80E-1 in the Core.
  • Built the swap cutover and the redundancy load sharing solutions and the rollback plans for 1-NE40/2-NE40Es per each IP-RAN Site.
  • Implemented the cutover from the NE40 to the NE40Es while ensuring minimum downtime per service.
  • Troubleshooting of all IP related faults of IPRAN routing protocols such as OSPF tuning (failure detection, BFD), VPNv4 (MP-BGP), MPLS (LDP), QoS (DiffServ) DSCP, IPP, PHB EF, CS, AF, BE, VPN-MPLS, L2 Gb traffic, 2G traffic & signaling, and MPLS-TE by RSVP-TE/FRR.
  • Implemented traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network Open Shortest Path First (OSPF).
  • Implemented Hot Standby Router Protocol (HSRP) by tuning parameters like preemption.
  • Configured Gb/IP, A/IP, Abis/IP services from BSC & RNC CE sides.
  • Configuration of VLANs and VRFs on CE side for logical separation of high bandwidth interfaces, and LACP for increasing the bandwidth.
  • Troubleshooting QOS involving policing, shaping and queuing towards Core and towards CE and PE routers.

Confidential

Data Centre Engineer

Responsibilities:

  • Responsible for designing a network redundancy scenario with two physically separate data centers in two different buildings. Deployed the data center infrastructure for 2 pods in the data centre environment to expand the LAN datacenter from flat-network chained switches to a hierarchical switched network design. The environment is Cisco-based: redundant Cisco Catalyst 6500 switch, Core Router platform 7600 series, Cisco 4507R and 3750.
  • Configure and manage a collapsed Cisco 6509 VSS and HSRP cores with C3750 stacks in top-of-rack; C6500s and C3560 stacks in access layer.
  • Configured VLANs, HSRP, VRRP, LACP with the help of redundant 6509 switches with L2/L3 redundancy.
  • Upgraded IOS images for 7200 routers; configured and installed L3/L2 Cisco 6509 switches
  • Built the customer Layer 2 & 3 switch configuration: VTP, Spanning Tree, 802.1Q trunk.
  • Implemented HSRP on the Cisco 2948G Layer 3 switches, and EIGRP, OSPF on the 2 Cisco 7200 routers, 2 Cisco 2610 routers, the Layer 3 switch, 3 Cisco 3508XL Switches, 2 Cisco 3524XL switches for load balancing and fail over.
  • Utilized Cisco intrusion prevention systems to detect, block, and remediate security incidents.
  • Worked on enhanced development of Layer 2 security by introducing 802.1x, port security, VTP security, storm control, and Private VLANS into the network infrastructure.
  • Managed Cisco IPS 4250 implementation in Promiscuous and Inline modes, signature upgrades, fine tuning and log monitoring using Cisco Event Viewer “IEV”.
  • Configured failover on ASA Firewall (Active/Standby)
  • Monitored IPS signature alerts, in real-time creating security incidents if violations occur.
  • Implemented and configured Bluecoat proxy series appliances platform SG510 & FortiGate FW platform Fortinet 400A for the primary data centre.
  • Configured Cisco secure server (TACACS+) for AAA login to routers and switches
  • Integrated Cisco Radius ACS with FW for SSH users

Cisco Technical Instructor

Confidential

Responsibilities:

  • I am certified to teach the following Cisco classes: Cisco Routing & Switching, Service Provider, Security and Design Courses CCNA, CCNP, CCIP, CCDA, CCDP and CCSP.
  • Involved in the security channel partners program to deliver Check Point Security Administration (R77 GAiA) and Cisco ASA courses
  • Conducted on-site training for FortiGate Firewall 50A Security administration course to customer IT staff.
  • Migration of Juniper SRX3400 series internal firewall to ASA 5500X
  • Appointed as Subject Matter Expert for the Juniper appliances cutover to new Cisco ASAs.
  • Moved L2/L3 interfaces (SVIs) and the associated rule sets from the Juniper firewalls to the ASAs while leaving the VPN services on the existing Juniper SRX3400 appliances.
  • Translated the existing Juniper configurations to Cisco ASA compatible version.
  • Worked on Cisco IPS module which allows IDS or IPS inspection of all traffic passing through the firewall
  • Responsible for configuring Cisco ASA secured routing templates allowing customer clients to encrypt routing protocol updates on the firewall, if enabled
  • Helped the deployment group with templates related to the configuration of Active/Standby failover enabling rapid deployment of failover configurations for customer clients
  • Document each firewall change for audit requirements by contacting the SOC before and after each change and also providing successful or failed status.
  • Migrated from legacy Catalyst 6500 to ASR 9k
  • Performed OSPF, BGP, HSRP and Bundle Ethernet implementation on ASR 9K redundant pair.

VPN Implementation Engineer

Confidential

Responsibilities:

  • Support, Implementation and Troubleshooting of highly complex Cisco based Network Operations (upgrades, replacement, topology changes, etc)
  • Provide technical support to pre-sales, and project managers to validate and review the technical design of new services of complex VPN changes sold to the designated customers.
  • Assist in design, configuration and operations of PricewaterhouseCoopers IP/MPLS data communications commercial network, specifically focusing on MPLS L2/L3 VPN design, routing and R&D issues
  • Work with the engineering and marketing teams to implement necessary changes, fixes, patches when necessary to platforms by Providing ongoing technical support and consulting services for platforms.
  • Provide sales support for the business development team and manage new integrations through the deployment phase.
  • Provide extranet connections over direct links, IPSEC VPNs over public networks, GRE/IPSEC for multicast traffic for global large accounts.
  • Perform testing of QoS (CBWFQ, WRED, CAR, CB Policing etc), MPLS (VPNs) and new Cisco IOS features before deploying them in production environment.
  • Configured networks using routing protocols such as OSPF, BGP and manipulated routing updates using route-map, distribute list and administrative distance for on-demand Infrastructure.
  • Create and test Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.
  • Provided redundancy in a multi-homed Border Gateway Protocol (BGP) network by tuning AS-path.
  • Configured policy based routing for BGP for complex network systems.
  • Tuned BGP internal and external peers with manipulation of attributes such as metric, origin and local Preference.
  • Re-engineered BGP routing (route maps, AS-path prepend, MED, local preference) to load balance traffic across multiple ISP links
  • Provided intranet VPN solution using IPsec tunneling
  • Build and maintain Visio documentation database of network topology

Network Support Engineer

Confidential

Responsibilities:

  • Basic configuration on routers ( 0 / 2600/ 1800 ) switches ( 60G ) and providing L1 support for customers
  • Handling calls for troubleshooting of network related issues.
  • Monitoring for MPLS and internet circuits on Cisco routers 1841/2811/3725/3825
  • Providing support for internal networks and related trouble tickets.
  • Coordination with bandwidth vendors and upstream providers.
  • Upgraded Cisco routers, switches and firewall IOS using TFTP.
  • Perform password recovery on Cisco IOS routers/switches
  • Configured backup and recovery of Cisco IOS Images.

Confidential

Network Support Technician

Responsibilities:

  • Installing hardware and software systems
  • Configuring computer networks
  • Technical support on-site or via phone or email
  • Provide Tier II and Tier III technical support for data network faults
  • Monitoring, troubleshooting, diagnosing, maintaining and resolving network issues.
  • Administration of routers, switches and firewalls.
  • Maintain log and configuration files of existing and newly-installed equipment (asset management).
